httpd-bugs mailing list archives

DO NOT REPLY [Bug 42561] [PATCH] AuthLDAPRemoteUserAttribute only applies in the authn stage

Date: Tue, 07 Sep 2010 18:40:51 GMT

https://issues.apache.org/bugzilla/show_bug.cgi?id=42561
Jean-Yves Avenard <reg-jya-apache@hydrix.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #8 from Jean-Yves Avenard <reg-jya-apache@hydrix.com> 2010-09-07 14:40:49 EDT ---
Here is a version against 2.2 correcting some bugs and issues mentioned
earlier.

I also added two new directives:

- AuthLDAPRemoteFirstUserAttribute: By default, when using a remote user
attribute, if there is more than one attribute of the same kind,
mod_authnz_ldap returns a string made of all the attributes separated by "; ".
This can have some unwanted effects. For example, Apple's MacOS 10.6 Open
Directory stores users and user aliases in LDAP as:

dn: uid=jeanyves_avenard,cn=users,dc=m,dc=hydrix,dc=com
uid: jeanyves_avenard
uid: jean-yves.avenard
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: apple-user
objectClass: extensibleObject
objectClass: organizationalPerson
objectClass: top
objectClass: person

The remote_user attribute would therefore contain "jeanyves_avenard;
jean-yves.avenard", which is of no use.
When AuthLDAPRemoteFirstUserAttribute is set, only the first attribute
will be returned.

- AuthzLDAPRemoteUserAttribute: By default, the custom user attribute is only
used for authentication. When AuthzLDAPRemoteUserAttribute is set, it will also
be used during authorisation.

Cheers
Jean-Yves
Hydrix
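
Added illustration (not part of the original comment or the attached patch): the Python sketch below parses the LDIF entry quoted above, emulates the "; "-joined REMOTE_USER value next to the first-value-only behaviour, and lists the entries whose attribute is multi-valued. The function names and the second sample entry are constructed for this example.

```python
import base64

# Constructed sample: entry from the comment (objectClass trimmed) plus a made-up single-valued one.
SAMPLE_LDIF = """\
dn: uid=jeanyves_avenard,cn=users,dc=m,dc=hydrix,dc=com
uid: jeanyves_avenard
uid: jean-yves.avenard
objectClass: inetOrgPerson

dn: uid=example_user,cn=users,dc=m,dc=hydrix,dc=com
uid: example_user
objectClass: inetOrgPerson
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values in file order]} dicts."""
    entries = []
    # RFC 2849 folding: a line starting with one space continues the previous line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError("not an LDIF attribute line: %r" % line)
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            entry.setdefault(name.strip().lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def remote_user(entry, attribute, first_only=False):
    """Emulated REMOTE_USER: all values joined with "; ", or only the first one."""
    values = entry.get(attribute.lower(), [])
    if not values:
        return None  # attribute absent; the module's behaviour here is not modelled
    return values[0] if first_only else "; ".join(values)

def multivalued_entries(entries, attribute):
    """DNs whose attribute has several values, so the joined form matches no single account name."""
    return [e["dn"][0] for e in entries if len(e.get(attribute.lower(), [])) > 1]

if __name__ == "__main__":
    for e in parse_ldif(SAMPLE_LDIF):
        print(e["dn"][0], "|", remote_user(e, "uid"), "|", remote_user(e, "uid", True))
```

LDAP does not define an order for the values of an attribute, so "first" means whatever order the directory server returns.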